libdcp
dcp::CertificateChain Class Reference

A chain of any number of certificates, from root to leaf.

#include <certificate_chain.h>

Public Types

typedef std::vector< Certificate > List
 

Public Member Functions

 CertificateChain (boost::filesystem::path openssl, int validity_in_days, std::string organisation="example.org", std::string organisational_unit="example.org", std::string root_common_name=".smpte-430-2.ROOT.NOT_FOR_PRODUCTION", std::string intermediate_common_name=".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION", std::string leaf_common_name="CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION")
 
 CertificateChain (std::string s)
 
void add (Certificate c)
 
void remove (Certificate c)
 
void remove (int i)
 
Certificate root () const
 
Certificate leaf () const
 
List leaf_to_root () const
 
List root_to_leaf () const
 
List unordered () const
 
bool valid (std::string *reason=nullptr) const
 
bool chain_valid () const
 
bool private_key_valid () const
 
void sign (xmlpp::Element *parent, Standard standard) const
 
void add_signature_value (xmlpp::Element *parent, std::string ns, bool add_indentation) const
 
boost::optional< std::string > key () const
 
void set_key (std::string k)
 
std::string chain () const
 

Private Member Functions

bool chain_valid (List const &chain) const
 

Private Attributes

List _certificates
 
boost::optional< std::string > _key
 

Friends

struct ::certificates_validation1
 
struct ::certificates_validation2
 
struct ::certificates_validation3
 
struct ::certificates_validation4
 
struct ::certificates_validation5
 
struct ::certificates_validation6
 
struct ::certificates_validation7
 
struct ::certificates_validation8
 

Detailed Description

A chain of any number of certificates, from root to leaf.

A CertificateChain object can also (optionally) hold the private key corresponding to the leaf certificate.

Definition at line 74 of file certificate_chain.h.

Constructor & Destructor Documentation

◆ CertificateChain() [1/2]

CertificateChain::CertificateChain ( boost::filesystem::path  openssl,
int  validity_in_days,
std::string  organisation = "example.org",
std::string  organisational_unit = "example.org",
std::string  root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
std::string  intermediate_common_name = ".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION",
std::string  leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION" 
)

Create a chain of certificates for signing things.

Parameters
openssl: Name of openssl binary (if it is on the path) or full path.
Returns
Directory (which should be deleted by the caller) containing:
  • ca.self-signed.pem: self-signed root certificate
  • intermediate.signed.pem: intermediate certificate
  • leaf.key: leaf certificate private key
  • leaf.signed.pem: leaf certificate

Definition at line 188 of file certificate_chain.cc.

◆ CertificateChain() [2/2]

CertificateChain::CertificateChain ( std::string  s)
explicit

Read a CertificateChain from a string.

Parameters
s: A string containing one or more PEM-encoded certificates.

Definition at line 334 of file certificate_chain.cc.

Member Function Documentation

◆ add()

void CertificateChain::add ( Certificate  c)

Add a certificate to the chain.

Parameters
c: Certificate to add.

Definition at line 385 of file certificate_chain.cc.

◆ add_signature_value()

void CertificateChain::add_signature_value ( xmlpp::Element *  parent,
std::string  ns,
bool  add_indentation 
) const

Sign an XML node.

Parameters
parent: Node to sign.
ns: Namespace to use for the signature XML nodes.

Definition at line 624 of file certificate_chain.cc.

◆ chain_valid()

bool CertificateChain::chain_valid ( ) const

Check to see if the chain is valid (i.e. root signs the intermediate, intermediate signs the leaf and so on) and that the private key (if there is one) matches the leaf certificate.

Returns
true if it's ok, false if not.

Definition at line 417 of file certificate_chain.cc.
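
The checks that chain_valid() describes, applied to the four files the first constructor is documented to produce, can be reproduced with the openssl command line. This is an added example, not libdcp's own code or its implementation; the function names, the `.demo.` subject names and the one-day validity are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not libdcp code. Output file names follow the constructor
# documentation; function names and subject names are constructed here.

new_csr() {  # $1 = directory, $2 = base name, $3 = common name
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=example.org/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

sign_csr() {  # $1 = directory, $2 = CSR base name, $3 = output file, rest = x509 options
    dir=$1; base=$2; out=$3; shift 3
    openssl x509 -req -in "$dir/$base.csr" -days 1 -out "$dir/$out" "$@" 2>/dev/null
}

make_chain() {  # $1 = output directory
    d=$1
    echo "basicConstraints=critical,CA:TRUE" > "$d/ca.ext"
    new_csr "$d" ca ".demo.ROOT.NOT_FOR_PRODUCTION" || return 1
    new_csr "$d" intermediate ".demo.INTERMEDIATE.NOT_FOR_PRODUCTION" || return 1
    new_csr "$d" leaf "CS.demo.LEAF.NOT_FOR_PRODUCTION" || return 1
    # Root signs itself, root signs the intermediate, intermediate signs the leaf.
    sign_csr "$d" ca ca.self-signed.pem -signkey "$d/ca.key" -extfile "$d/ca.ext" || return 1
    sign_csr "$d" intermediate intermediate.signed.pem -CA "$d/ca.self-signed.pem" \
        -CAkey "$d/ca.key" -set_serial 2 -extfile "$d/ca.ext" || return 1
    sign_csr "$d" leaf leaf.signed.pem -CA "$d/intermediate.signed.pem" \
        -CAkey "$d/intermediate.key" -set_serial 3
}

chain_ok() {  # $1 = root, $2 = intermediate, $3 = leaf; succeeds only if every link verifies
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

key_matches() {  # $1 = certificate, $2 = private key; compares the two public keys
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

demo=$(mktemp -d) && make_chain "$demo" || exit 1
chain_ok "$demo/ca.self-signed.pem" "$demo/intermediate.signed.pem" \
    "$demo/leaf.signed.pem" && echo "chain: every link verifies"
key_matches "$demo/leaf.signed.pem" "$demo/leaf.key" && echo "leaf.key: matches leaf"
key_matches "$demo/leaf.signed.pem" "$demo/intermediate.key" ||
    echo "intermediate.key: rejected as leaf key"
rm -rf "$demo"   # the directory is the caller's to delete
```
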

◆ leaf()

Certificate CertificateChain::leaf ( ) const
Returns
Leaf certificate

Definition at line 361 of file certificate_chain.cc.

◆ leaf_to_root()

CertificateChain::List CertificateChain::leaf_to_root ( ) const
Returns
Certificates in order from leaf to root

Definition at line 369 of file certificate_chain.cc.

◆ private_key_valid()

bool CertificateChain::private_key_valid ( ) const

Check that there is a valid private key for the leaf certificate. Will return true if there are no certificates.

Definition at line 494 of file certificate_chain.cc.

◆ remove() [1/2]

void CertificateChain::remove ( Certificate  c)

Remove a certificate from the chain.

Parameters
c: Certificate to remove.

Definition at line 392 of file certificate_chain.cc.

◆ remove() [2/2]

void CertificateChain::remove ( int  i)

Remove the i'th certificate in the chain, as listed from root to leaf.

Definition at line 402 of file certificate_chain.cc.

◆ root()

Certificate CertificateChain::root ( ) const
Returns
Root certificate

Definition at line 353 of file certificate_chain.cc.

◆ root_to_leaf()

CertificateChain::List CertificateChain::root_to_leaf ( ) const
Returns
Certificates in order from root to leaf

Definition at line 558 of file certificate_chain.cc.

◆ sign()

void CertificateChain::sign ( xmlpp::Element *  parent,
Standard  standard 
) const

Add <Signer> and <ds:Signature> nodes to an XML node.

Parameters
parent: XML node to add to.
standard: INTEROP or SMPTE.

Definition at line 573 of file certificate_chain.cc.

Member Data Documentation

◆ _certificates

List dcp::CertificateChain::_certificates
private

Our certificates, not in any particular order

Definition at line 181 of file certificate_chain.h.

◆ _key

boost::optional<std::string> dcp::CertificateChain::_key
private

Leaf certificate's private key, if known, in PEM format

Definition at line 183 of file certificate_chain.h.


The documentation for this class was generated from the following files: